ComputracePlus deletes stolen data

> Forwarded from: Russell Coker <russellcoker.com.au>

> Interesting that they claim their software-only solution can survive
> fdisk and format. I wonder if they will claim that it can survive the
> installation of a different OS?
>
> Something like TCPA MIGHT be able to do this, but nothing less will.

I thought about this too, and I came up with one option: the BIOS.
We’ve seen viruses which can erase a Flash BIOS, so wouldn’t it be
possible to write a small virus (just a few kilobytes) living in the
unused areas in the top of that Flash ROM, which knows how to hook in
to various common BIOSes (AMI, Award and Phoenix cover over 99% of the
market), scan for supported operating systems at boot and install
itself into their partitions?

Admittedly, I’m not aware of a case where this has been done, and it
would certainly be tricky, but it cannot be dismissed as impossible
just yet. Look at what worm writers can do with less than a kilobytes
of shellcode.

The virus might not “support” any operating system other than Windows,
but it could perhaps survive the installation of such an OS, lying
dormant in the BIOS until such a time as a supported operating system
is reinstalled, and then quietly reinject itself again.

Once the virus code was running under Windows it would of course have
access to the victim’s, ahem, user’s internet connection to detect
whether the machine had been reported stolen.

If it hasn’t been done yet, perhaps it is a business idea for someone?
I don’t have time to implement it myself.

> > Data Delete
>
> Hasn’t anyone ever heard of cryptography?

Not really, many people think it’s “a deadly cyber-weapon used by
terrorists” or some such nonsense, and most people can’t deal with the
risk of losing their passphrase. Of course they sacrifice their own
security for safety as a result, but such is life.

> Surely if you want to steal someone’s data then the first thing you
> do is power the machine down and remove the hard drive to prevent
> such erasure!

Yeah, but how many machines (apart from MI5’s laptops) are stolen
_because_ of the data contained? I would venture that casual thieves
often do not realise the value of the information they’ve stolen until
they take a good look at the machine. By that time, such trivial
defenses as Data Delete would have had time to operate. Let’s also
remember that luckily, most thieves did not come from the deep end of
the gene pool or receive cyber-espionage training. =)

> Conclusion, after you steal someone’s laptop to get their data don’t
> immediately connect it to the Internet, copy the data off first!
> Don’t boot from the same OS they used, put the hard drive in your
> own machine (for best results mount the hard drive on a non-Windows
> OS).

True, and these solutions could never, ever protect against a
determined thief. They have some value in the war against casual theft
which is the biggest risk (in terms of frequency and publicity) for
most users.

> My observation is that “rm -rf /” is fast enough that even
> experienced administrators often don’t catch it while there’s still
> something left. mkfs is even faster.

Ever tried that under Windows? =)

> As for “disguiseing your location with a false IP address”, that’s
> an amusing claim.

I certianly agree with this, since it’s almost impossible to get a
reply to a genuinely spoofed packet, so it would not do the thieves
much good to surf with one.

> Firstly IP addresses on their own aren’t THAT useful for locating
> people (think about NAT, think about ISPs in other countries that
> won’t accept court orders).

Again, casual theft is the main target of these programs, whatever
their creators may claim. I don’t think many thieves would take their
freshly-stolen laptop all the way to Morocco just to download their
pr0n in peace.

> Secondly if you want your program to trace it’s location based on IP
> addresses then you could give it “traceroute” functionality and
> have it send the complete trace log to the server.

Yes, that would actually be a rather good way of tracing. But you
don’t need the complete trace. The next hop upstream (your ISP’s
dialup router) is definitely not spoofing its packets, and if you can
get its IP address by a one-hop traceroute and send it to someone,
then that someone can run the rest of the trace themselves.

> Of course it’s undetectable. It’s so undetectable that even fdisk
> can’t find it… :-#

Undetectable != unremovable of course, and neither applies to the
product, but fdisk isn’t looking for “agents”, especially not in the
BIOS.

> A much better option is to encrypt all the disks and have the
> encryption keys stored in a central office.

Absolutely.

> NB If using an encrypted file system on your laptop be sure to
> permanently disable the “Hibernation” facility in the BIOS. If a
> thief can get a dump of all kernel memory to disk then the
> encryption key will be available in there.

OS vendors should probably wipe this area immediately after resuming
from it, to prevent the accidental retention of sensitive information.

Cheers, Chris.

-- 
_ ___ __     _
 / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |

– ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with ‘unsubscribe isn’ in the BODY of the mail.…

Toward a More Secure 2003

The challenges to info-tech security will surely be daunting, and
companies’ efforts to stay safe will have to keep increasing

With holiday cookies and sweets still being shared around offices
everywhere, security is the least of concerns these days as most
businesses are thinking merry, not wary. So what better time to
examine the year ahead for what to expect in terms of computer
security? First, 2003 will surely pose some pretty daunting challenges
to chief security officers and the organizations they protect. At the
same time, improvements in software and technology will elevate
computer security to another level. Here’s a quick rundown of what to
expect:

Spam becomes an even bigger headache

According to e-mail security-service provider Message Labs, spam’s
growth rate will continue be faster than that of legitimate e-mail —
and in terms of sheer volume, spam will eclipse the legit stuff. That
will make the spam torrent more burdensome and harder to control.
Companies that haven’t invested in antispam software will need to do
so, pronto, or have their employees waste more and more time simply
hitting the delete key.

Part of the bargain will be businesses accepting the fact that some
messages will get tossed out with the trash, as antispam programs are
hardly perfect. Still, it’s better than being up to your eyeballs in
smutty missives and come-ons for investment scams from randomly
generated e-mail addresses.

Instant messaging succumbs to spam, too

Once a relative haven, instant messaging has recently become a target
for spammers seeking new outlets. According to e-mail consultancy
Ferris Research, IM spammers works off lists of addresses freely
traded on the Internet. They usually send a message to someone on live
IM asking them to visit a Web site that sells smut, bogus software, or
often legitimate products being marketed in unfortunate ways.

Since no IM spam-screening software is yet available, an IM user on
the wrong list could spend a good chunk of time refusing invitations
from IM spammers. That coverage hole will force many corporations to
consider moving their IM users onto private messaging systems not
accesssible to the public Internet.

Hardware, hardware, hardware

Security isn’t shrink-wrapped anymore. Eighty percent of the licenses
for expensive, high-grade firewall programs come on specially
configured pieces of hardware designed to run this software. That’s
way up from a few years ago. And its only the start.

From virtual-private-network servers to intrusion-detection systems to
newer pieces of software designed to spot behaviorial aberations that
point to a security breach, more and more products are moving from a
piece of self-contained software that an IT consultant or your own
systems administrator installs to a specialized piece of equipment
built with security in mind. The upside? These systems are generally
easier and cheaper to install and launch in a network. The downside?
Less flexibility for companies with special software needs.

Safe computing outside the corporate perimeter Employees logging into
corporate networks from home PCs over public broadband connections are
now commonplace. As a result, security software and hardware that once
did a fine job of guarding sensitive systems looks increasingly
vulnerable. That’s because all these remote networkers, be they
employees or partners, are no longer snuggly inside the “official”
data-security perimeter.

Also, persistant worm-virus outbreaks, such as Nimda, explain why more
and more corporations are going through the considerable hassle of
putting security software — firewall, intrusion detection systems,
antivirus software — on every desktop machine. Companies with
end-to-end protection remain in the minority, but they won’t be for
long as it becomes easier to link up fleets of desktops with central
control consoles that not only talk to the big, heavy-duty security
appliances but also to the thousands of small programs guarding the
road warriors’ machines.

Identity theft goes berserk online

Call in the copycats. When well-organized ID thieves convinced a clerk
at a Long Island (N.Y.) software company to give them access to tens
of thousands of credit reports using his company’s password, they
illustrated how the Net makes the part of ID theft that was hard until
now — accumulating the information — much easier. With widely
available credit reports such an integral part of American business,
it’s hard to imagine how the credit agencies can quickly and simply
limit access to the reports without impeding the flow of commerce.

With easy access to credit reports available to thousands of people
throughout the U.S., expect blockbuster ID thefts in 2003 and beyond.
Whereas credit-card numbers were traded freely on the Internet in the
past, now the bad guys will trade entire personal dossiers. And fixing
the problem will be much harder because it’s pretty easy to screen out
someone who has picked up one of your credit-card numbers but much
harder when it comes to a rogue who has that, your bank-account
number, you social security number, and the last five addresses you
have called home.

Of course, this little list is just the beginning. I haven’t even
touched on still-early trends such as merging physical and online
security: Companies are starting to look at guarding these assets in
coordination because often computer-security breaches start with
physical breaches.

Likewise, more and more businesses are installing software that tracks
theft of sensitive, high-end intellectual property. Once hamfisted,
the second generation of these systems works much better, according to
Gartner security analyst John Pescatore. Both of these are topics I’ll
explore in depth during the next few months as their markets and uses
develop.

All told, computer security remains one of the more dynamic areas of
the moribund IT sector. And it’ll get only more interesting in the
coming year.


ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with ‘unsubscribe isn’
in the BODY of the mail.…

Porn can jump on an individual’s computer system with as well as without their expertise

brazzers xvideos

Sites are seen intentionally or inadvertently by either being rerouted or by clicking the wrong web link. Furthermore, what is less understood to the majority of users is that infections, Spyware and also Malware add porn to individual’s computer systems without their expertise. The porn industry has created the art of filming swiftly as well as at affordable, yet still looking excellent and offering the consumer what they desire. You could not have a massive budget plan, yet select as company with high production values to make sure you obtain a video clip that reveals yespornpelase in your ideal light.

Giving away giveaway cups

There is SIGNIFICANT money in the grown-up sector, however you would certainly be hard pushed to find a porn website that isn’t providing SOMETHING away free of charge. It may be freebie images of the day, short video cups, trailers, downloadable records or more. They know that if they give sufficient away, you’ll return and pay for more. Free porn is bountiful online. Any individual with a computer and Net link can access countless complimentary porn photos as well as videos for. In a situation in which porn arrives without the user’s knowledge, innocent people may find it hard to verify the source of the porn that may cause their termination from work or even worse being arrested for something they did refrain from.

How do you protect yourself? Simply Deleting porn is not nearly enough!

This since the computer system is designed to allow us to retrieve products we deleted by chance. Secure deletion on the various other hand is when a document is erased in a way that it can never beget. No traces are left on the computer and the data is entirely eliminated. There is a software program created particularly to scan, discover and also eliminate porn completely. Porn detection xvideos brazzers include complicated formulas that check photos pixel by pixel, identifying complexion saturation as well as curvature. The same is done for video in which case the software checks structures of the video. This is the only method for the individual to guarantee that all porn on their computer system is both spotted and gotten rid of completely.

Free Tips – The “Correct Score” Winning Football Betting Technique

cara daftar sbobet

It is not impossible for someone to get brought away and also act on impulse by taking a risk to bet with more loan than he in fact has. A self-disciplined bettor recognizes just how to establish limitations on himself. Remember that you are utilizing difficult generated income so you’ve reached be smart being used it. Understanding any kind of group’s player schedule is essential due to the fact that you will base your picks on among these variables. Not due to the fact that a team is prominent doesn’t mean that they win all the time.

Football Betting Tips Reconsidered

If you would like to know your pro football betting chances, listen to this. Nearly all the countries in the world play football. Football is played by a lot of generations from young to old, to experts as well as blue-collared employees. These are simply followers that make it as their pastime yet the specialist league, college organization and the reduced age leagues make football a more exciting sport to see. That is why it is not a surprise that individuals are getting an increasing number of involved in football betting. The fact is, half of the people that watch this sport does not simply see it for enjoyable, they see it get cash! Engaging in betting, you must have the artikel daftar sbobet ability to review between the lines of pro football wagering odds.

Win Big, Lose Small

Football wagering likewise called as football betting is now obtaining an increasing number of well-known online. The risks are high however only if you have the best mindset, info as well as skills when it pertains to wagering. The key point you should find out before engaging in football wagering is getting informed. Many sites now use online football tutorials. However if you wish to get ahead, one of the most important thing to understand is that you need to take a look at the group’s stats prior to banking on them. The opportunities of you winning are cara daftar sbobet higher if you recognize how to investigate your way to winning. Do not bank on one of the most liked or supported team regularly. Pick the team whose statistics of winning from previous battles are high.

Where to Find the Best Casino Poker Incentive

Judi Poker

Finance skills lacking – Numerous challengers of online and minor gambling like to believe that on the internet casino poker accommodates “a click of a computer mouse, and also you’ll lose your home” syndrome. Although this little reasoning seems a bit severe, on the internet texas hold’em can provide a young gambler, who is not well-versed in finance skills, the ability to shed a large amount of cash, in a brief quantity of time. Luckily, there are some counter-arguments to the above anti-youth-gambling rhetoric. Uncontrollable gaming – Lots of research studies have been done, that show that uncontrollable betting results in an extremely, extremely tiny percentage of overall Judi Poker bettors.

Is Online Gaming the New Trend?

The net shows no limits and also web gamblers the young people consisted of must have the ability to do what they desire with their own money. Free speech is a vital concern below. Some on the internet poker websites put no age constraints on individuals betting at their site. Youth Gaming Discovery – Some of the respectable on-line casino poker websites currently have an advanced sign-in area, to make sure that their customers are not minor bettors. These are all valid concerns, as well as depending upon the person, could be relevant or otherwise. Thus, there are no limitations positioned on underage casino players on these types of websites.

Some Helpful Online Poker Advice

Pretension – the opposition fasts to cry out against Underage on-line casino poker players, yet there are several jurisdictions that permit underage bettors to take part in online lottery games and also on-line fantasy sporting activities pools, which are frequently bet wager. These innovation advancements can be shared with territories that currently do not have these safeguards in position, to attain the preferred outcomes. Youngsters below the legal ages of 18 or 21, can easily use most of these poker sites.

Regulation is the response – If on the internet texas hold’em became managed as an example, in the United States, the online underage disagreement might be nipped in the bud, and the prevention of minor bettors Agen Poker QQ might absolutely be attended to. There are many respectable online texas hold’em facilities running worldwide, that have implemented such checking for many years, and also the associated modern technology regulating this has actually reached a growth process.

The Ever Before Present Smoking Cigarettes Issues

GTRBET

In situation a tie takes place between a banker and a gamer, the video game attracts to a verdict. If a gamer or banker gets a mixed value of 9, the hand gets frequently called a natural hand and it wins the game. If no one has a 9, and a hand valued at 8 exists, after that it’s determined as a hand that is a default win. In every single circumstance, the greatest value hand wins the video game. Lastly, if you place a tie wager, the payment GTRBET goes to an 8 to one proportion.

The Advancement of Gaming

When it comes to betting on the game, every person’s wagers are wagered prior to the cards obtaining disclosed, as quickly as bets are positioned by the players, no more choices are called for. You then choose amongst 3 choices when you are placing Baccarat bets: you’ll have the ability to wager that the gamer’s hand is going to be closer to a worth of 9, or you can bet that the lender’s hand will be best, or wager a wager that both the banker as well as the player will have hands ending with a tie.

Crowd Control

Next the lender and the player both are dealt 2-3 cards and the winning hand is eventually the hand with a full well worth that is closest to the total amount of 9. Need to you determine to bank on the player’s hand, the payout if you need to win is even cash. In comparison, if you bank on the banker’s hand, the payout amounts also loan minus a five percent fee for the banker. This will normally gtr55 occur if ever before the total worth of the cards in all hands is five or reduced.

Gambling in Monte Carlo

In instance you don’t have a connection and there are no all-natural winning hands which take place, much more cards could be dealt depending upon the custom rules of the establishment. Web Baccarat rules can differ a percentage based upon the online house’s policies. When wagering is finished, each player and the banker are provided two cards. If the cards amount to a two-digit number, the last figure counts as the value of the hand. For instance, 6 + 7 = 13, counts as 3. Card values after that get included in order to determine the winning hands.